Create Appeal

Create Appeal allows a user to create an access request to resources along with the role

application/json

Request Body required

accountId string

Account ID of the user or service account who is creating the appeal

resources object[]
List of resources that the user is requesting access to
Array [
id string
role string
options object
details object
]
accountType string

Account type of the user or service account who is creating the appeal. For example for BigQuery and Google Cloud IAM values are "user" or "service_account"

description string

Responses

• 200
• 400
• 401
• 403
• 404
• 500
• default

---

A successful response.

application/json

Schema

Example (from schema)

---

Schema

appeals object[]
Array [
id string
resourceId string
policyId string
policyVersion int64
status string
accountId string
role string
options object
expirationDate date-time
duration string
labels object
property name* string
resource object
id string
Resource unique identifier
providerType string
Type of the provider that manages this resource
providerUrn string
Unique resource urn
type string
Type of the resource. Depends on the provider type. For example, for BigQuery, it can be dataset, table, view, etc.
urn string
Unique resource urn
name string
details object
Additional information of the resource that can be updated from Guardian
labels object
property name* string
createdAt date-time
Resource creation timestamp
updatedAt date-time
Resource last update timestamp
isDeleted boolean
Whether the resource is deleted or not
parentId string
Parent resource id
children object[]
List of child resources
Array [
0
1
2
3
4
5
6
7
8
9
]
approvals object[]
Array [
id string
name string
appealId string
status string
actor string
policyId string
policyVersion int64
approvers string[]
appeal object
0
1
2
3
4
5
6
7
8
9
createdAt date-time
Approval creation timestamp
updatedAt date-time
Approval last update timestamp
reason string
]
createdAt date-time
Creation time of the appeal
updatedAt date-time
Last update time of the appeal
details object
accountType string
createdBy string
creator
permissions string[]
grant object
id string
status string
accountId string
accountType string
resourceId string
role string
permissions string[]
expirationDate date-time
appealId string
revokedBy string
revokedAt date-time
Timestamp when the grant is revoked
revokeReason string
createdBy string
createdAt date-time
Creation time of the grant
updatedAt date-time
Last update time of the grant
resource object
id string
Resource unique identifier
providerType string
Type of the provider that manages this resource
providerUrn string
Unique resource urn
type string
Type of the resource. Depends on the provider type. For example, for BigQuery, it can be dataset, table, view, etc.
urn string
Unique resource urn
name string
details object
Additional information of the resource that can be updated from Guardian
labels object
property name* string
createdAt date-time
Resource creation timestamp
updatedAt date-time
Resource last update timestamp
isDeleted boolean
Whether the resource is deleted or not
parentId string
Parent resource id
children object[]
List of child resources
Array [
0
1
2
3
4
5
6
7
8
9
]
appeal object
0
1
2
3
4
5
6
7
8
9
isPermanent boolean
source string
statusInProvider string
owner string
description string
]

{
  "appeals": [
    {
      "id": "string",
      "resourceId": "string",
      "policyId": "string",
      "policyVersion": 0,
      "status": "string",
      "accountId": "string",
      "role": "string",
      "options": {
        "expirationDate": "2023-10-24T20:41:02.761Z",
        "duration": "string"
      },
      "labels": {},
      "resource": {
        "id": "f4b7a3c0-9f9b-4b9b-9b0a-9e4b1a1b1b1b",
        "providerType": "bigquery",
        "providerUrn": "my-bq",
        "type": "table",
        "urn": "string",
        "name": "string",
        "details": {},
        "labels": {},
        "createdAt": "2023-06-07T05:39:56.961Z",
        "updatedAt": "2023-06-07T05:39:56.961Z",
        "isDeleted": true,
        "parentId": "string",
        "children": [
          {}
        ]
      },
      "approvals": [
        {
          "id": "string",
          "name": "string",
          "appealId": "string",
          "status": "string",
          "actor": "string",
          "policyId": "string",
          "policyVersion": 0,
          "approvers": [
            "string"
          ],
          "appeal": {},
          "createdAt": "2023-06-07T05:39:56.961Z",
          "updatedAt": "2023-06-07T05:39:56.961Z",
          "reason": "string"
        }
      ],
      "createdAt": "2023-01-01T00:00:00Z",
      "updatedAt": "2023-01-01T00:00:00Z",
      "details": {},
      "accountType": "string",
      "createdBy": "string",
      "creator": {},
      "permissions": [
        "string"
      ],
      "grant": {
        "id": "string",
        "status": "string",
        "accountId": "string",
        "accountType": "string",
        "resourceId": "string",
        "role": "string",
        "permissions": [
          "string"
        ],
        "expirationDate": "2023-10-24T20:41:02.761Z",
        "appealId": "string",
        "revokedBy": "string",
        "revokedAt": "2023-01-01T00:00:00Z",
        "revokeReason": "string",
        "createdBy": "string",
        "createdAt": "2023-01-01T00:00:00Z",
        "updatedAt": "2023-01-01T00:00:00Z",
        "resource": {
          "id": "f4b7a3c0-9f9b-4b9b-9b0a-9e4b1a1b1b1b",
          "providerType": "bigquery",
          "providerUrn": "my-bq",
          "type": "table",
          "urn": "string",
          "name": "string",
          "details": {},
          "labels": {},
          "createdAt": "2023-06-07T05:39:56.961Z",
          "updatedAt": "2023-06-07T05:39:56.961Z",
          "isDeleted": true,
          "parentId": "string",
          "children": [
            {}
          ]
        },
        "appeal": {},
        "isPermanent": true,
        "source": "string",
        "statusInProvider": "string",
        "owner": "string"
      },
      "description": "string"
    }
  ]
}

Bad Request - The request was malformed or contained invalid parameters.

application/json

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Unauthorized - Authentication is required

application/json

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Forbidden - User does not have permission to access the resource

application/json

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Not Found - The requested resource was not found

application/json

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Internal Server Error. Returned when theres is something wrong with Frontier server.

application/json

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

An unexpected error response.

application/json

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

POST /v1beta1/appeals

Authorization

name: X-Auth-Emailtype: apiKeydescription: Email address of the userin: header

Request

Base URL

http://127.0.0.1:7400

apiKey

Body required

{
  "accountId": "string",
  "resources": [
    {
      "id": "string",
      "role": "string",
      "options": {},
      "details": {}
    }
  ],
  "accountType": "string",
  "description": "string"
}

curl / cURL

curl -L -X POST 'http://127.0.0.1:7400/v1beta1/appeals' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'X-Auth-Email: <API_KEY_VALUE>' \
--data-raw '{
  "accountId": "string",
  "resources": [
    {
      "id": "string",
      "role": "string",
      "options": {},
      "details": {}
    }
  ],
  "accountType": "string",
  "description": "string"
}'

python / requests

curl -L -X POST 'http://127.0.0.1:7400/v1beta1/appeals' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'X-Auth-Email: <API_KEY_VALUE>' \
--data-raw '{
  "accountId": "string",
  "resources": [
    {
      "id": "string",
      "role": "string",
      "options": {},
      "details": {}
    }
  ],
  "accountType": "string",
  "description": "string"
}'

go / native

curl -L -X POST 'http://127.0.0.1:7400/v1beta1/appeals' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'X-Auth-Email: <API_KEY_VALUE>' \
--data-raw '{
  "accountId": "string",
  "resources": [
    {
      "id": "string",
      "role": "string",
      "options": {},
      "details": {}
    }
  ],
  "accountType": "string",
  "description": "string"
}'

nodejs / axios

curl -L -X POST 'http://127.0.0.1:7400/v1beta1/appeals' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'X-Auth-Email: <API_KEY_VALUE>' \
--data-raw '{
  "accountId": "string",
  "resources": [
    {
      "id": "string",
      "role": "string",
      "options": {},
      "details": {}
    }
  ],
  "accountType": "string",
  "description": "string"
}'

ruby / Net::HTTP

curl -L -X POST 'http://127.0.0.1:7400/v1beta1/appeals' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'X-Auth-Email: <API_KEY_VALUE>' \
--data-raw '{
  "accountId": "string",
  "resources": [
    {
      "id": "string",
      "role": "string",
      "options": {},
      "details": {}
    }
  ],
  "accountType": "string",
  "description": "string"
}'

csharp / RestSharp

curl -L -X POST 'http://127.0.0.1:7400/v1beta1/appeals' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'X-Auth-Email: <API_KEY_VALUE>' \
--data-raw '{
  "accountId": "string",
  "resources": [
    {
      "id": "string",
      "role": "string",
      "options": {},
      "details": {}
    }
  ],
  "accountType": "string",
  "description": "string"
}'

php / cURL

curl -L -X POST 'http://127.0.0.1:7400/v1beta1/appeals' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'X-Auth-Email: <API_KEY_VALUE>' \
--data-raw '{
  "accountId": "string",
  "resources": [
    {
      "id": "string",
      "role": "string",
      "options": {},
      "details": {}
    }
  ],
  "accountType": "string",
  "description": "string"
}'

java / OkHttp

curl -L -X POST 'http://127.0.0.1:7400/v1beta1/appeals' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'X-Auth-Email: <API_KEY_VALUE>' \
--data-raw '{
  "accountId": "string",
  "resources": [
    {
      "id": "string",
      "role": "string",
      "options": {},
      "details": {}
    }
  ],
  "accountType": "string",
  "description": "string"
}'

powershell / RestMethod

curl -L -X POST 'http://127.0.0.1:7400/v1beta1/appeals' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'X-Auth-Email: <API_KEY_VALUE>' \
--data-raw '{
  "accountId": "string",
  "resources": [
    {
      "id": "string",
      "role": "string",
      "options": {},
      "details": {}
    }
  ],
  "accountType": "string",
  "description": "string"
}'